Measure and Countermeasure 

1 January 2007 tbs.pm/1152

Hacker web sites and forums have been talking for the last week or two about a claim that the AACS (Advanced Access Content System) copy protection system used on both the HD DVD and Blu Ray Disc HD disc formats has been hacked. A typical example can be found here.

Whether the hack has actually been carried out, or whether the account is a PR exercise designed to gain support for Blu Ray (which is regarded by some sources as losing momentum in the stupid format war that is stopping us from having a unified HD disc format to supersede DVD) in the wake of accounts claiming that the PS3 made a Blu Ray hack possible is definitely a matter of opinion. Certainly the AACS "hack" looks like an implementation of a standard AACS decoder, which requires codes to unlock, and none are provided (see this pro-HD-DVD article for more).

In addition, although both HD DVD and Blu Ray use AACS, Blu Ray also uses a physical disc watermarking system so that even a real AACS hack might not mean that Blu Ray was compromised, even if it is not already.

Nonetheless, it is a common perception that, as the Intelligence community saying goes, "To any measure, there’s a countermeasure". If you want to stop people from doing something, and they want to do it badly enough, they will find a way around it, one way or another.

So Macrovision copy-protection has been hacked. So has CSS, region coding and RCE on DVD. CD cpy-protection schemes that have made CDs unworthy of the trademark and secretly install malware on computer discs have all been overcome. The copy-protection on DVD-Audio has been hacked too. There is now an application – Isobuster – that claims to be able to "back up" virtually any optical disc including HD DVD and Blu Ray.

Interestingly, commentary on the alleged AACS hack claimed that because HD DVD was the format to be "hacked" initially, it would enjoy increased sales as a result of being capable of being copied. At the same time, it was opined that if HD DVD has been hacked, the studios would be less likely to support it (the hack announcement came shortly before the Las Vegas CES opened on 8 January, at which a number of additional HD DVD supporters are expected to be unveiled).

And there we have it: the classic example of bad business practice in packaged media. Two formats, each with their pros and cons, and the one that has been hacked can expect better sales as a result of being proved less secure, while its makers are less likely to support it . What is the world coming to?

How well do you expect a product is going to do if the fundamental requirement for its endorsement by content providers is something diametrically opposed to the needs of its potential customers?

Content providers are adept at this: record companies have been making enemies of their customers for some considerable time – and they wonder why sales are dropping. Instead of saying "Here’s this new technology – how can we make money my using it to provide our customers with something they want?", they can’t see beyond the ends of their noses and instead say, "Here’s this new technology – how do we stop people from using it?" It’s a recipe for disaster. In the case of the record companies, they were saved only by Apple’s inspired design and implementation of both iTunes Music Store and, of course, the ubiquitous iPod.

In a world where for every electronic measure there is a countermeasure, available in days (and if the AACS hack isn’t real now, it surely will be at some point), where every more extensive, invasive and expensive measure raises the price of the product and makes it less usable, less appealing, less wirthy of purchase, the only answer is to go the other way. Start by asking what people want and then provide it. The answer might be as simple as making the product so cheap that it’s not worth hacking – so that even if there’s a hack available it’s actually just as easy to buy the real thing – and ensuring that the value-added content (lyrics, artwork, whatever) that you won’t get on a copy are worth having.

After all, who wants a cheap copy when they can own an original?